You are not logged in. Please login or register.
PunBB Forums → PunBB 1.2 modifications, plugins and integrations → HTML instead of BBCODE
Due to some reasons (incompatibility with other parts of my site, parse overhead and ...) I want to change the storage method of post from bbcode to html.
This way the post must be checked for malicious tag like <script> before inserting in database.
I want to know if it's a good idea! the benefits and problems?
Onething that i don't understand is this, that why no forum programmer (VB, PHPBB) uses html in his code?
One reason against doing it is that if the markup is badly written or the poster wants to be a pain then the whole page could be trashed. If the forum was being served as xml it would even worse because the xml parser would just refuse to output the page. Just checking for malicious tags wouldn't be enough, you would really have to run it through an xhtml validator to check the markup was well formed which would result in much more of an overhead then using a bbcode parser. Unless of course you can guarantee all your members are experts at writing valid xhtml strict and will never forget a closing tag.
The only realistic way of doing it would be to use bbcode for posting and then run parser.php against it and store the result. The downside of that is it would only work for new posts, existing posts would be a mess.
One reason taht i want to switch to html is great wysiwyg editors that exist for it like tinymce. These editors decrease the chance of unclosed tag and also have xhtml validator.
Another thing is this, You can not parse the post before inserting it in DB because when the user wants to edit the post, the bbcode must be generated again. So I don't think html validation make much overhead like parsing the post every time that it's going to be shown.
Not everyone uses the wysiwyg editors =/
And I think HTML is a bad option, as you'd have to write a parser that validates your HTML, gets out bad tags, ...
Oh, and with BBCode you can easily limit what kind of markup users use. Imagine if I put a <marquee> tag in this post =/
As far as wysiwyg editors, they are not suitable for a default installation. First, they rely on javascript so what would the fall back be for users with javascript disabled. Second, I'm pretty sure none of them satisfy WCAG accessibility guidelines. Third, not all of the features work in all browsers. Fourth, storing html in the database is going to take a lot more room than storing straight text resulting in a database overhead.
I tend to think these systems are fine if you are running a cms where a limited numer of people will be making submissions but are not really suitable where the world at large can sign up and post. A forum is essentially meant for quick and dirty communication not well crafted submissions.
Of course, there may be forums where the nature and size of the of the membership means it would work very well so there is no reason it couldn't be a modification.
"vBCode"
Advantages -
More control in both available tags and layout features.
Harder to break a layout i.e. unclosed tables.
Neater messages but that is limited to the limited amount of codes.
Secure, only offer those codes that you want.
Disadvantages -
Each new code needs new parsing routines.
Can be processor intensive but this can be alleviated with parsed post caching.
Limits creativity to the codes available.
"HTML"
Advantages -
Larger range of formatting available.
understood language by technical types.
Disadvantages -
Almost impossible to secure with dynamic URL's, offsite stylesheets, behaviours and javascript available to every tag.
Learning curve for non-technical people.
Strict rules of implementation that can break your site.
Cross-site Scripting vulnerabilities which can result in the net loss of your server.
PunBB Forums → PunBB 1.2 modifications, plugins and integrations → HTML instead of BBCODE
Powered by PunBB, supported by Informer Technologies, Inc.